Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2411
Security Update 2022-004 Catalina
17 May 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Catalina
Publisher: Apple
Operating System: macOS
Resolution: Patch/Upgrade
CVE Names: CVE-2022-26775 CVE-2022-26770 CVE-2022-26769
CVE-2022-26766 CVE-2022-26763 CVE-2022-26761
CVE-2022-26757 CVE-2022-26756 CVE-2022-26755
CVE-2022-26751 CVE-2022-26748 CVE-2022-26746
CVE-2022-26728 CVE-2022-26727 CVE-2022-26726
CVE-2022-26722 CVE-2022-26721 CVE-2022-26720
CVE-2022-26715 CVE-2022-26714 CVE-2022-26698
CVE-2022-26697 CVE-2022-23308 CVE-2022-22721
CVE-2022-22720 CVE-2022-22719 CVE-2022-22674
CVE-2022-22665 CVE-2022-22663 CVE-2022-22589
CVE-2022-0778 CVE-2022-0530 CVE-2021-45444
CVE-2021-44790 CVE-2021-44224 CVE-2018-25032
Original Bulletin:
https://support.apple.com/HT213255
Comment: CVSS (Max): 9.8* CVE-2022-22721 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* Not all CVSS available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
Security Update 2022-004 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213255.
apache
Available for: macOS Catalina
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppKit
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-26698: Qi Sun of Trend Micro
CoreTypes
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers
Available for: macOS Catalina
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2022-22674: an anonymous researcher
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyá»\x{133}n VÅ© Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
libresolv
Available for: macOS Catalina
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Catalina
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Catalina
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Catalina
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Printing
Available for: macOS Catalina
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Security
Available for: macOS Catalina
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyá»\x{133}n VÅ© Hoàng of STAR Labs
SoftwareUpdate
Available for: macOS Catalina
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
TCC
Available for: macOS Catalina
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Catalina
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Catalina
Impact: Processing a maliciously crafted mail message may lead to
running arbitrary javascript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu
of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
zip
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Catalina
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
PackageKit
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.
Security Update 2022-004 Catalina may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p
rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0
58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB
rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH
4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ
NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0
NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm
ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE
9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG
PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF
x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i
vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g=
=JBHs
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYoMqEskNZI30y1K9AQjJSxAAt7LUrv5Yt0NCk/MniIw5CE4kh2gYuWAv
0GpMwwdcjI7wEwErk0yOUD6EpfgTFAT8CqM+BLc+WjqdibrSms6wkPPUrLLwIeUd
8ohwmcjDIaR6A2OgeYmnBtBfKvtqe6OyPlI/eNWxKI+lj+kAcasK21e4WX+oTmlj
AMpHY7aCTTqARuHyGDTYKbdlMmgnRjZWq4tOLhjnVoUmmo3w3MSSQh1UojpAYhK0
Mzi707nUNA92/L6HE2ygMH2ddDmhXghCgsxU6Ik+QsA2oww5klMhGbX2qFVM4lR6
60nDHIMeBLkZb1p1N1lC3K8bDINmHN+Og86AGzOAWCLMCS+mn3TuFILRp1CjlXp4
4vWU53YGchhfdOCyF6TsLkc8MPINb9Hwbb3iLWeTYObaaN6MlxR1sZo6pO4OrlYk
riGjfPTqyawjuo5muWkE4PCpGiFzOEW2TCBhbGPObp4+XCqypoGwJl6nTsqBha1V
ABvF5sKWCtt8Bz0b2b05tCY4QchbijpUGx+xBe3VMInt+DKo4f7o1bTOfSa5Wfi/
Q5GYzEWo8OHSqMvy1uO1GGwi7FIC15sPZJLJGzYW1L1F2PBue9gfMWEMc+/dbClj
JoPkcOIBx2O9whBWCZooBGvzSy9A1thOaxcbHO8jKS6xT6YOjeVsg2l6GDLT5IFl
F687rur3eoY=
=8TIq
-----END PGP SIGNATURE-----